More details

...and typically only nslookup [SERVER].[DOMAIN]. returns a response, but sometimes not even that. I've tried configuring the DHCP server differently, eventually supplying only a single DNS server to the client, which is the DC itself. That usually fixes the nslookup issue but it doesn't explain why I can't join the domain.

If I disable NetBIOS over TCP/IP I get security problems related to the domain controller not being found by its WINS name, or something like that. Apparently this also relates to the way our domain controller is set up.

Our domain name in Windows Server is just a single "name"; a colleague of mine says that it could be part of the problem. According to some docs he read, it should be something like [DOMAIN].local, but it isn't. Care to comment?

[DOMAIN] and [SERVER] are placeholders for domain name and domain controller name.

The domain name [DOMAIN] might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain [DOMAIN]:

The query was for the SRV record for _ldap._tcp.dc._msdcs.[DOMAIN]

The following domain controllers were identified by the query:

[SERVER].[DOMAIN]

Common causes of this error include:

Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

Domain controllers registered in DNS are not connected to the network or are not running.

Can you describe a bit more about all the 'tricks' you tried?
– Zoredache Nov 3 '09 at 8:33

If you disable NetBIOS over TCP/IP then you shouldn't be able to do anything with the WINS names; you've just disabled the part of the stack that handles that. If you try to join using the fully qualified domain names, does that work?
– Helvick Nov 3 '09 at 11:05

+1 for this: AD puts all sorts of entries into DNS for its own reasons. Machines in the domain need to use the same Microsoft DNS server that the domain controller uses. Often this is the DC itself.
– pjc50 Nov 3 '09 at 13:30

The DNS looks about right, still I get the same stupid error.
– John Leidegren Nov 6 '09 at 11:28
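The join error quoted in the question names two DNS-side causes: a missing or wrong Host (A) record for the domain controller, and a registered domain controller that is not reachable. The PowerShell below is an added example, not part of any post in this thread, that checks both for every DC returned by the `_ldap._tcp.dc._msdcs` SRV query. It assumes a Windows client that ships the `Resolve-DnsName` and `Test-NetConnection` cmdlets; the function name `Test-DcLocatorDns` is hypothetical, and `CORP` and `192.0.2.10` are constructed placeholders for the domain name and the client's DNS server.

```powershell
# Added example: walks the DNS checks listed in the domain-join error message.
# Function name is hypothetical; 'CORP' and '192.0.2.10' are constructed placeholders.
function Test-DcLocatorDns {
    param(
        [Parameter(Mandatory)] [string] $Domain,     # AD DNS domain name (may be single-label)
        [Parameter(Mandatory)] [string] $DnsServer   # DNS server the client is configured to use
    )
    # Trailing dot makes the name fully qualified, so no DNS suffix gets appended.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain."
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        Write-Warning "No SRV record for $srvName on $DnsServer"
        return
    }
    foreach ($rec in $srv) {
        $target = $rec.NameTarget.TrimEnd('.') + '.'
        # Cause 1 from the error text: Host (A) record missing or wrong.
        $a = Resolve-DnsName -Name $target -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        if (-not $a) {
            [pscustomobject]@{ DC = $target; Address = $null; Ldap389 = $false; Finding = 'Host (A) record missing' }
            continue
        }
        foreach ($addr in $a.IPAddress) {
            # Cause 2 from the error text: DC registered in DNS but not connected or not running.
            $open = Test-NetConnection -ComputerName $addr -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
            [pscustomobject]@{
                DC = $target; Address = $addr; Ldap389 = $open
                Finding = if ($open) { 'OK' } else { 'A record present but DC not reachable on TCP 389' }
            }
        }
    }
}

Test-DcLocatorDns -Domain 'CORP' -DnsServer '192.0.2.10' | Format-Table -AutoSize
```

Compare the addresses in the output with the DC's real IP configuration: a stale A record shows up as an address that resolves but fails the port 389 check.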

You should enable "Location of the DCs hosting a domain with single label DNS name" in Computer Configuration/Administrative Templates/System/Net Logon/DC Locator DNS Records on the client computer; otherwise it will think that your single-label domain is a NetBIOS name.

A few hours ago I had the same problem: I could not join an XP machine to the domain. The DC is 2003 R2 SE, domain level 2000. The DNS and WINS services are running, and there are no error events. But when I try to join the computer to the domain, I get an error that the domain controller is not accessible. Some words about WINS and DNS requests.

That's right: in DNS all records were correctly registered, and nslookup with the domain name resolves fine to the DC's IP address, but on the WINS server I didn't find a single row where the record type is domain controller with my domain name (of course, the IP address of the DC must be there too).

What to do:

Right-click on "Active registrations" in the WINS administration console and choose "display records". Try to find the domain controller. If not, do p.2

That's all. Check that your AD contains the computer object that you want to register, check the name of the group that owns the permissions to register computers to the domain, and check that your account definitely has those permissions. Register your new workstation to the domain.